GitHub Actions Integration

The InsightCloudSec Scan GitHub Action allows security and development teams to integrate infrastructure-as-code (IaC) security and compliance scans with their GitHub CI/CD pipelines. The Action is available at the GitHub Marketplace.

If you also use the GitHub Advanced Security (GHAS) module with the external Code Scanning feature, our bi-directional integration publishes the details of any InsightCloudSec (ICS) IaC scan findings back to GitHub in SARIF format. GitHub then consolidates these security alerts for developers in a central repository view alongside its other code-scanning results.

The following is an example of what our GitHub Action integration might look like:

```yaml
on:
  pull_request:
    branches:
      - master
      - main

jobs:
  ics-scan-and-upload:
    name: insightCloudSec repository scan with Github Advanced Security
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Scan the repository
        uses: rapid7/insightcloudsec-actions@v2
        with:
          api_key: ${{ secrets.ics_api_key }}
          base_url: ${{ secrets.ics_base_url }}
          config_name: AWS CIS Benchmark 1.4

      # the following is optional but recommended to surface results to Github Advanced Security
      - name: Upload the sarif report to Github Advanced Security
        if: always()
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: ics_scan.sarif
```
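The workflow above hands the `ics_scan.sarif` report to GitHub, but teams often also want to read the same file inside the job, for example to fail the pull request when a finding at or above a chosen severity is present. The following is an added example, not code from the Action or from Rapid7: a small SARIF 2.1.0 reader that lists findings, counts them by level, and decides whether a gate should fail. The embedded SARIF document is constructed for this example; its rule ids, file paths and messages are made up and do not represent InsightCloudSec output. It uses only the SARIF structure the standard defines (`runs`, `tool.driver.rules`, `results`, `level`, `suppressions`), so it applies to any scanner that emits SARIF.

```python
import json
from collections import Counter

# Constructed SARIF 2.1.0 document in the general shape an IaC scanner emits.
# Rule ids, paths and messages are invented for this example.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {
            "name": "example-iac-scanner",
            "rules": [
                {"id": "IAC-S3-PUBLIC", "defaultConfiguration": {"level": "error"}},
                {"id": "IAC-SG-OPEN", "defaultConfiguration": {"level": "warning"}},
                {"id": "IAC-TAGS"},
            ],
        }},
        "results": [
            {"ruleId": "IAC-S3-PUBLIC", "level": "error",
             "message": {"text": "S3 bucket allows public read"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "terraform/s3.tf"},
                 "region": {"startLine": 12}}}]},
            # No explicit level: SARIF falls back to the rule's defaultConfiguration.
            {"ruleId": "IAC-SG-OPEN",
             "message": {"text": "Security group allows 0.0.0.0/0 on port 22"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "terraform/sg.tf"},
                 "region": {"startLine": 40}}}]},
            # Suppressed in source (e.g. an inline ignore); should not fail the gate.
            {"ruleId": "IAC-TAGS", "level": "note",
             "message": {"text": "Resource is missing an Owner tag"},
             "suppressions": [{"kind": "inSource"}],
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "terraform/main.tf"},
                 "region": {"startLine": 3}}}]},
        ],
    }],
})

# SARIF result levels, ordered so a threshold comparison is possible.
LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}


def load_results(sarif_text):
    """Flatten every result in every run into a list of plain dicts."""
    doc = json.loads(sarif_text)
    findings = []
    for run in doc.get("runs", []):
        rules = {r["id"]: r for r in run.get("tool", {}).get("driver", {}).get("rules", [])}
        for res in run.get("results", []):
            rule = rules.get(res.get("ruleId"), {})
            # Explicit level wins; otherwise the rule default; SARIF's own default is "warning".
            level = res.get("level") or rule.get("defaultConfiguration", {}).get("level", "warning")
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            findings.append({
                "rule_id": res.get("ruleId"),
                "level": level,
                "message": res.get("message", {}).get("text", ""),
                "file": loc.get("artifactLocation", {}).get("uri"),
                "line": loc.get("region", {}).get("startLine"),
                "suppressed": bool(res.get("suppressions")),
            })
    return findings


def count_by_level(findings):
    """Summary suitable for a job log or PR comment, suppressed results included."""
    return dict(Counter(f["level"] for f in findings))


def should_fail(findings, threshold="error"):
    """True when any unsuppressed finding is at or above the threshold level."""
    bar = LEVEL_RANK[threshold]
    return any(LEVEL_RANK.get(f["level"], 0) >= bar
               for f in findings if not f["suppressed"])


if __name__ == "__main__":
    results = load_results(SAMPLE_SARIF)
    for f in results:
        flag = " (suppressed)" if f["suppressed"] else ""
        print(f'{f["level"]:8} {f["rule_id"]:14} {f["file"]}:{f["line"]} {f["message"]}{flag}')
    print("by level:", count_by_level(results))
    print("fail at error:", should_fail(results, "error"))
```

In a workflow, a step after the scan would run this against `ics_scan.sarif` and exit non-zero when `should_fail` returns true; keep the `if: always()` on the upload step so GitHub still receives the report even when the gate fails. Respecting `suppressions` matters so that findings a developer has deliberately acknowledged in source do not block every subsequent pull request.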